Hi๐Ÿ‘‹๐Ÿผ Iโ€™m HAHWUL.

Offensive Security Engineer, Rubyist/Crystalist/Gopher and H4cker

Posts - Page 55 of 86

Burp suite ์ค‘๋…์ž๊ฐ€ ๋ฐ”๋ผ๋ณธ OWASP ZAP(Zed Attack Proxy). ์ด์ œ๋ถ€ํ„ฐ ๋“€์–ผ์ด๋‹ค!

  • 3 min read

์š”์ฆ˜ ๋ถ€์ฉ ํˆด์— ๋Œ€ํ•œ ๋งŽ์€ ๊นŠ์€ ๊ณ ๋ฏผ์ด ์ƒ๊ฒผ์Šต๋‹ˆ๋‹ค. ์–ด๋–ค ํˆด์„ ์“ฐ๋ฉด ์ข‹์„์ง€, ์ด์ฐธ์— ๊ฑ ํ•˜๋‚˜ ๋งŒ๋“ค์ง€โ€ฆ ํ•œโ€ฆ 3๋…„? ์ „์ฏค์—๋„ ๊ฐ™์€ ๊ณ ๋ฏผ์ด ์žˆ์—ˆ์ฃ . ๊ทธ๋•Œ๋Š” Burp suite์— ์˜ฌ์ธํ•˜๊ธฐ๋กœ ๋งˆ์Œ์„ ์žก์•˜์—ˆ์Šต๋‹ˆ๋‹ค. ์‹œ๊ฐ„์ด ์ง€๋‚œ ์š”์ฆ˜, ๋˜๋‹ค์‹œ Burp suite์— ๋Œ€ํ•œ ์ง€๊ฒจ์›€, ์ƒˆ๋กœ์›€์„ ๊ฐˆ๊ตฌํ•˜๋Š” ๋งˆ์Œ์— ์—ฌ๋Ÿฌ ๊ณ ๋ฏผ์ด ์‹œ์ž‘๋˜์—ˆ์Šต๋‹ˆ๋‹ค.

Read More

Firefox XSS with Context menu(+css payload)

  • 1 min read

์ฃผ๋ง ๋ฐค ํŠธ์œ„ํ„ฐ๋ฅผ ํ†ตํ•ด ์žฌ๋ฏธ๋‚œ๊ฒŒ ์žˆ๋‚˜ ๊ตฌ๊ฒฝํ•˜๋˜ ๋„์ค‘ ์ต์ˆ™ํ•œ ๊ตฌ๋ฌธ์ด ๋ฆฌํŠธ์œ— ๋˜๋Š” ๊ด‘๊ฒฝ์„ ๋ชฉ๊ฒฉํ–ˆ์Šต๋‹ˆ๋‹ค. ๊ด€๋ จํ•ด์„œ ๋งํฌ ์ฝ์–ด๋ณด๋‹ˆ ์žฌ๋ฏธ์žˆ๋Š” ์ƒํ™ฉ์ด๋”๊ตฐ์š”. ๋‚ด์šฉ์„ ์ด์•ผ๊ธฐํ•˜์ž๋ฉด ํ˜„์žฌ ๋™์ž‘ํ•˜์ง€ ์•Š๋˜ ์˜ค๋ž˜๋œ XSS ํ…Œ์ŠคํŒ… ์ฝ”๋“œ๊ฐ€ ์žˆ์—ˆ๋Š”๋ฐ, ์žฌ๋ฏธ์žˆ๋Š” ๋ฒ„๊ทธ ํ•˜๋‚˜์™€ ์ฝ”๋“œ๋ฅผ ์ด์šฉํ•ด์„œ XSS๊ฐ€ ๊ฐ€๋Šฅํ•œ ์‚ฌ๋ก€์ธ๋ฐ์š”. ์˜ค๋Š˜์€ ์ด ๋‚ด์šฉ ๊ด€๋ จํ•ด์„œ ๊ธ€์„ ์ž‘์„ฑํ•ด๋ด…๋‹ˆ๋‹ค.

Read More

Not-rooted android Kali linux with Termux!(๋น„ ๋ฃจํŒ…ํฐ์—์„œ ์นผ๋ฆฌ ๊ตฌ์„ฑํ•˜๊ธฐ)

  • 1 min read

์ง€๋‚œ๋ฒˆ์— ใ‹ใ‚Šใพใซ@kali-mani๊ฐ€ ์•ˆ๋“œ๋กœ์ด๋“œ ๋””๋ฐ”์ด์Šค์— Kali linux๋ฅผ ์˜ฌ๋ ธ๊ธธ๋ž˜ ๋ฃจํŒ… ์ƒํƒœ์—์„œ Nethunter๋ฅผ ์‚ฌ์šฉํ•œ๊ฑด์ง€ ๋ฌผ์–ด๋ดค๋Š”๋ฐ ๋Œ€๋‹ต์€ โ€œNoโ€ ์˜€์Šต๋‹ˆ๋‹ค.

Read More

BurpKit - Awesome Burp suite Extender(Burp์—์„œ ๊ฐœ๋ฐœ์ž ๋„๊ตฌ๋ฅผ ์‚ฌ์šฉํ•˜์ž!)

  • 2 min read

์˜ฌํ•ด ์ดˆ ์ฏค์ธ๊ฐ€์š”? Payload ๊ด€๋ จํ•ด์„œ ๊ณต์œ  ๋ฐ›์€ ๋‚ด์šฉ์ด ์žˆ์—ˆ๋Š”๋ฐ, ์•Œ๊ณ ๋ณด๋‹ˆ.. ์“ธ๋งŒํ•œ ํˆด์„ ํŒํŒ ์ฐ์–ด๋‚ด๊ณ  ๊ณ„์‹  CrowdShield์˜ 1N3์˜ Git์ด์˜€์Šต๋‹ˆ๋‹ค. ์ด์ค‘์—์„œ ํ•˜์œ„ ํ”Œ๋Ÿฌ๊ทธ์ธ ๋””๋ ‰ํ† ๋ฆฌ๋ฅผ ํ†ตํ•ด Burp suite ํ™•์žฅ๊ธฐ๋Šฅ์„ ์ถ”๊ฐ€๋กœ ๋ฐฐํฌํ•˜๊ณ  ์žˆ๋Š”๋ฐ์š”. ์˜ค๋Š˜์€ ๊ทธ ์ค‘ ํ•˜๋‚˜์ธ Burp Kit์— ๋Œ€ํ•œ ๋‚ด์šฉ์œผ๋กœ ๊ธ€ ์ž‘์„ฑํ•ด๋ด…๋‹ˆ๋‹ค.

Read More

JRuby๋กœ Ruby์™€ Java ๋™์‹œ์— ์‚ฌ์šฉํ•˜๊ธฐ

  • 1 min read

๊ฐœ์ธ์ ์œผ๋กœ BurpSuite์˜ Extender๋ฅผ ๋งŒ๋“ค ๋•Œ Java๋ฅผ ์‚ฌ์šฉํ–ˆ์Šต๋‹ˆ๋‹ค. ๋‹น์—ฐํžˆ Burp๊ฐ€ Java base์ด๊ณ , API ๋“ฑ์˜ ์‚ฌ์šฉ์„ฑ ๋•Œ๋ฌธ์— Java๋กœ ๊ฐœ๋ฐœํ•˜๋Š” ๊ฒƒ์ด ์ผ๋ฐ˜์ ์ธ๋ฐ์š”, ์˜ค๋Š˜์€ Jruby๋ฅผ ์ด์šฉํ•˜์—ฌ Ruby์™€ Java๋ฅผ ํ˜ผ์šฉํ•˜์—ฌ ์‚ฌ์šฉํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•ด ์ด์•ผ๊ธฐํ•˜๋ ค๊ณ  ํ•ฉ๋‹ˆ๋‹ค.

Read More

Javascript๋ฅผ ์ด์šฉํ•˜์—ฌ ๊ฐ„๋‹จํ•˜๊ฒŒ ์นด์นด์˜คํ†ก ๊ณต์œ (์นด์นด์˜ค๋งํฌ) ์ ์šฉํ•˜๊ธฐ

  • 2 min read

์š”์ฆ˜์€ SNS ๊ณต์œ  ๊ธฐ๋Šฅ์„ ์‚ฌ์šฉํ•˜์ง€ ์•Š๋Š” ์›น ํŽ˜์ด์ง€๋ฅผ ๋งŒ๋‚˜๋ณด๊ธฐ๊ฐ€ ๊ต‰์žฅํžˆ ์–ด๋ ต์Šต๋‹ˆ๋‹ค. ํŠนํžˆ๋‚˜ ๋ธ”๋กœ๊ทธ๋‚˜ ๋งค์ฒด, ํŒ๋งค ์‚ฌ์ดํŠธ๋“ค์€ ์ปจํ…์ธ ์˜ ๊ณต์œ ์— ์žˆ์–ด ๊ต‰์žฅํžˆ ์ข‹์€ ๋ฐฉ๋ฒ•์ด๊ณ  ๋งŽ์ด ์‚ฌ์šฉ๋˜๊ณ  ์žˆ๊ธฐ ๋–„๋ฌธ์— ๊ทธ๋ ‡๋‹ค๊ณ  ์ƒ๊ฐ์ด ๋“œ๋„ค์š”. ์ด์ „๋ถ€ํ„ฐ ์—ฌ๋Ÿฌ๊ฐ€์ง€ SNS ์„œ๋น„์Šค์— ๋Œ€ํ•ด์„œ ๊ณต์œ  ๋ฒ„ํŠผ์„ ๋งŒ๋“ค๊ณ  ์‚ฌ์šฉํ•˜๋‹ค๊ฐ€ ์ตœ๊ทผ์—๋Š” google, twitter, facebook ์ •๋„๋งŒ ์œ ์ง€ํ•˜๊ณ  ์žˆ์—ˆ์Šต๋‹ˆ๋‹ค.

Read More

Evasion technique using Wildcards, Quotation marks and backslash, $IFS(WAF, ๋ฐฉ์–ด๋กœ์ง ์šฐํšŒ)

  • 2 min read

WildCards?

Wildcard๋Š” OS์—์„œ ํŒŒ์ผ์— ๋Œ€ํ•ด ๋‹ค์ค‘์ฒ˜๋ฆฌ๋ฅผ ์œ„ํ•ด ์‚ฌ์šฉ๋˜๋Š” ๊ธฐํ˜ธ์ž…๋‹ˆ๋‹ค. ๋ณดํŽธ์ ์œผ๋กœ ๋งŽ์ด ์‚ฌ์šฉํ•˜๋Š”๊ฑด * ? ๋“ฑ์ด ์žˆ๊ณ  ๋•๋ถ„์— ๋ฒˆ๊ฑฐ๋กœ์šด ์ž‘์—…์„ ํ•œ๋ฒˆ์— ์ฒ˜๋ฆฌํ•  ์ˆ˜ ์žˆ๊ฒŒ ๋˜์ฃ . ๋ญ ๋Œ€์ถฉ ์ด๋Ÿฐ ๊ฒฝ์šฐ์ด์ฃ .

Read More

Mapscii - Ascii base Map on Linux terminal (๋ฆฌ๋ˆ…์Šค ํ„ฐ๋ฏธ๋„์—์„œ ์•„์Šคํ‚ค ์ง€๋„๋ฅผ ๋ณด์ž!)

  • ~1 min read

์ข…์ข… ํ„ฐ๋ฏธ๋„ ๋ธŒ๋ผ์šฐ์ €๋ฅผ ํ†ตํ•ด ์›น์„œํ•‘ ํ•˜๊ณค ํ•ฉ๋‹ˆ๋‹ค. ์ด์ „์— ์ข…์ข… ์“ฐ๋‹ค๋ณด๋‹ˆ ๋‚˜๋ฆ„ ํŽธ๋ฆฌํ•œ ๊ฒฝ์šฐ๋„ ์žˆ์–ด ์ผ๋ฐ˜ ๋ธŒ๋ผ์šฐ์ €๋ž‘ ์„ž์–ด์„œ ์‚ฌ์šฉํ•˜๋Š”๋ฐ, ๋ฌธ๋œฉ ์ด๋Ÿฐ ์ƒ๊ฐ์ด ๋“ค์—ˆ์Šต๋‹ˆ๋‹ค.

Read More